Hacking LoCoins

User funds are safe if LoCoins gets hacked.

In crypto space security is one topic you should not be careless about. Even those that haven’t followed cryptocurrencies closely have probably heard of the infamous Mt. Gox breach or some other similar fiasco. Repeat after us:

Not your private keys, not your coins!

If you know and follow this crypto mantra you can skip to the end of the article where we look at why LoCoins is safer than most online exchanges (fact and not just opinion). Anyone up for a quick refresher regarding the ownership of coins should read on, this is key (pun intended) stuff.

Those familiar with crypto wallets will know that their wallet is represented by private and public keys (follow the link for the basics). The private keys are used when sending coins elsewhere, which means that anyone else who knows your private keys can easily empty your wallet, transferring all your coins to the local charity or, you know, their own wallet. To put it even more simply, letting someone else know your wallet’s private keys is the equivalent of leaving your physical wallet with them. Hence the crypto mantra: Not your private keys, not your coins!

Cryptocurrencies are a so-called direct type of a currency, as opposed to other (mainly fiat) currencies, which means that all payments are done directly between two parties. The owner always directly holds the funds and there is no institution backing up those funds. Your coins belong to you as long as you hold the private keys for them.

In certain cases, however, users hand over the ownership of private keys to another party and they trust that this party will provide the private keys when they will want the coins back. This is pretty common when using online exchanges (like BinanceCoinbase, etc.) which are used to trade and exchange various currencies. Even though these services present your funds as belonging to your account, technically the ownership of the coins has changed and the company running the service has a liability towards you instead.

This is not inherently bad, in fact many businesses outside of crypto work this way, but it doesn’t change the underlying fact that the coins are technically no longer yours and are therefore susceptible to potential security breaches by the company (an online exchange in this example). By contrast, owning your private keys essentially means you (and only you) have the full control over your crypto funds and should therefore be your first line of defense. We strongly recommend you take additional measures on securing your wallet too, you can learn more about this on bitcoin.org.

What happens if a service using your coins has a security breach?

What’s the mantra again? Not your private keys, not your coins! Most wallet providers do not store your private keys on any centralized server and will usually give you the ability to securely backup your keys. On the other hand, most online exchanges and brokerages do not give you access to private keys. Instead, you access your funds by logging into your account with a username and password (and hopefully also 2FA). This can be really convenient — but so would leaving your physical wallet at the pub — and no one does that for very obvious reasons. Yes, some of these services put maximum effort into protecting themselves from hacking attempts and some are even regulated, but the fact is that the majority are still being considered as significant risk due to low level of compliance as indicated in this recent analysis. Just take a look at this comprehensive chronological listwhich confirms that 2018 has been a record-breaking year for crypto exchange hacks.

Paper wallet with a key. (Example — do not use, duh.)

Besides wallet providers there are a few exception where you can use the service and still remain a full owner of your coins, such as DEX, smaller real time exchanges and — you’ve probably guessed it by now — so is LoCoins.

LoCoins is a network of local physical shops that offer two-way exchanges between cryptocurrencies and fiat currencies. It provides a regulated ecosystem where users benefit from a fast service using cash and retailers gain a new revenue stream without the hassle of any hardware or special knowledge.

Since LoCoins never holds the private keys of its users, any security breach on its platform would not affect any user’s funds. Because the coins are transferred directly between the platform and the user, shop owners are risk-free as well!

The purpose of this article is not an open invitation to hackers but rather to show why our CEO, Peter, sleeps better at night (seriously, look at this happy face). He doesn’t have to worry about keeping other people’s money and end up owing millions of dollars in case of a security breach.

Our core principle of never touching our users’ private keys de facto makes us one of the safer services out there. We’re also heavily invested in educating, not just LoCoins users, but the general public on how to safely manage their coins. Now that the regulators are starting to catch up with the new technology and imposing stricter legislation, it also means that LoCoins is in a privileged position to operate and grow globally without putting users’ funds at risk.

Let’s say it just one more time: Not your private keys, not your coins!Choose the services you use accordingly.